Something old, nothing new: Cybercrims still rely on spam

Cybercriminals may be experimenting with new ways to distribute their wares across the internet, but it turns out they still rely on the same techniques they have been using for decades: spam.

Research from security firm F-Secure found that spam remain the most common way of spreading malware, scams, and malicious URLs, even 40 years since the first email spam was sent.

“Email spam is once again the most popular choice for sending out malware,” comments F-Secure threat intelligence researcher Päivi Tynninen.

“Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.”

Despite new attack methods, spam has actually become more popular – it still relies on mass email sends that can catch a small number of users.

And there’s even psychology behind it. MWR InfoSecurity behavioural science lead Adam Sheehan says that spam is a successful attack vector. Click rates have increased from 13.4% to 14.2% in the space of six months.

Spam also uses specific psychological tactics to snare as many users as possible.

According to F-Secure, the probability of a recipient opening an email increases 12% if the email claims to come from a known individual.

In addition, if a subject line is free from errors, it improves spam’s success rate by 4.5%

A phishing email states that its call to action that is very urgent gets less traction than when the urgency is implied.

While many people are becoming wise to the dangers of opening suspicious emails and clicking on unsolicited attachments, criminals are branching out and using methods other than attachments.

“Rather than just using malicious attachments, the spam we’re seeing often features a URL that directs you to a harmless site, which then redirects you to site hosting malicious content. The extra hop is an analysis evasion method for keeping the malicious content hosted for as long as possible,” Päivi says.

“And when attachments are used, the criminals often attempt to avoid automatic analysis by asking the user to enter a password featured in the body of the email to open the file.”

F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. Its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers. The company has also participated in a number of European cybercrime investigations.